DHS testing mobile, attribute-based identity system for first responders
23 September, 2016
category: Digital ID, Government
The need to properly identify first responders at incident sites has been an ongoing challenge for more than a decade. Federal, state and local governments have been trying to figure out the best way to know who has arrived at a scene while also ensuring that they have the proper qualifications to be there.
For years Homeland Security and FEMA wanted smart cards issued to first responders. Multiple programs were launched, but complications led to the majority being scrapped.
The logical next step – as with most identity projects these days – seems to be the leveraging of the first responders mobile devices. One such project is being piloted by the Kantara Initiative and the Command, Control and Interoperability Center for Advanced Data Analysis (CCICADA). Based at Rutgers University in New Jersey, CCICADA is a Homeland Security Center of Excellence.
Called Mobile Device and Attribute Validation (MDAV), the system enables a first responders smartphone to send encrypted information about their credential to another smartphone used by local authorities managing a response operation. In this manner, the credentials can be instantly verified and access granted to the scene.
The identity and access management system enables local management to access a certificate authority database containing current status and other information about emergency responders. Responders’ smartphones hold their credentials or attributes, and once verified, local authorities can be assured of who is onsite and their expertise. Examples of expertise can include hazardous material training, fire fighting or medical training.
Currently, first responders present badges or other forms of ID to check-in with local authorities in a disaster situation. This is a time-consuming process and doesn’t truly verify the individual, the agency they represent or their expertise.
“This isn’t an identity problem, it’s about attributes and how you get someone on the ground who is qualified and has the necessary skills,” says Steve Wilson, founder of Lockstep Technologies, the company developing MDAV.
What sets this system apart from others is that it provides only the necessary attributes and nothing more, Wilson says. With the Homeland Security grant, Lockstep wants to build a proof of concept, show how it can work and then add use cases.
Two particular areas of interest are age verification and mobile driver licenses, Wilson says. Typically when someone needs to have their age verified they pull out a driver license or passport, which displays date of birth plus a variety of additional data elements that are not necessary. With this system a mobile device could communicate that the individual is the appropriate age without giving up excess personal data. The same use case would be relevant for mobile driver licenses. Instead of showing an address the system could just confirm residency or age.
MDAV uses x509 digital certificates, Wilson says. “The cryptography is pretty standard, you can go into the phone and sign stuff with the certificate once you put the credential on the phone,” he explains.
What is CCICADA?
Rutgers University in New Jersey is home to the Command, Control and Interoperability Center for Advanced Data Analysis (CCICADA), a group that is looking at different areas of identity and access management as well as privacy for Homeland Security, says Dennis Egan, assistant director at CCICADA.
CCICADA is a Homeland Security Center for Excellence and will be searching for and funding different projects. The Kantara Initiative is helping to find worthy projects that the center might be able to help get off the ground, Egan says.
The projects work in three phases. The first is a six-month project where an organization will produce a design for a system, identify customers and partners and submit it for assessment by Homeland Security and CCICADA. Phase two is building a prototype – which has a longer time span and involves more money – while the final phase is a full-blown pilot, Egan explains.
The center has been open for a little more than a year, and to date only has projects in phase one. Egan expects some to move forward shortly as others in the pipeline begin the process.
